Package: nx-libs
Tags: patch
The Fedora review of nx-libs caught the following rpmlint issue:
This executable is calling setuid and setgid without setgroups or initgroups. There is a high probability this mean it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem.
Ref POS36-C:
https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observ...
This patch adds initgroups() calls to code to initialize the supplemental group list.
I've done some minimal testing (can connect to a session with client and server running this code), but I'm not sure how much that exercised it.
-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion@nwra.com
Boulder, CO 80301                   http://www.nwra.com
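
The call ordering that the rpmlint warning and POS36-C ask for, as an added example; it is not the patch attached to this report and not nx-libs code. The helper name drop_privileges() and its return codes are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes initgroups() in <grp.h> on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper (name and return codes are this example's own).
 * Permanently switch the process to `user`. Returns 0 on success, or a
 * negative code naming the step that failed; callers should exit on
 * any non-zero result rather than continue with partial privileges. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;                      /* unknown account */
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;
    /* 1. Supplementary groups first: replaces the list inherited from
     *    the (root) parent. Needs privilege, so it must precede setuid(). */
    if (initgroups(pw->pw_name, gid) != 0)
        return -2;
    /* 2. Primary group next, still while privileged. */
    if (setgid(gid) != 0)
        return -3;
    /* 3. User ID last; after this the first two calls would fail. */
    if (setuid(uid) != 0)
        return -4;
    /* 4. Confirm the drop is permanent: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0)
        return -5;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <account>\n", argv[0]);
        return 2;
    }
    int rc = drop_privileges(argv[1]);
    if (rc != 0) {
        fprintf(stderr, "privilege drop failed at step %d\n", -rc);
        return 1;
    }
    printf("uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Run unprivileged, the helper stops at step 2 because initgroups() itself requires privilege, which is why it has to come before setuid().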